Hi Am 06.05.2014 17:59, schrieb Ethan Lai: > You can set "CONFIG proxy.config.url_remap.pristine_host_hdr INT 1" to keep > request's Host header.
yes, but it still would need to invent DNS names for some hundret domains and reconfigure the nameservers - in that case a cert on the origin is cheaper for sites wit forced ssl:-) > And, yes, I also think its a bug, lower precedence type, `redirect` here, > should not be matched again if higher > precedence type, `map` here, were matched. > I've provided a patch here > <https://issues.apache.org/jira/secure/attachment/12637293/no_redirect_after_map.patch>, > one patch of TS-2344 <https://issues.apache.org/jira/browse/TS-2344>. You can > try it if building trafficserver > yourself. thank you! i will give feedback ASAP, building ATS as my own RPMs need some time for other tasks currently :-( > 2014-05-06 19:31 GMT+08:00 Reindl Harald <[email protected] > <mailto:[email protected]>>: > > > > Am 06.05.2014 13:06, schrieb Ethan Lai: > > I'd suggest use different names > > that don't work because it would break the *automatic* > configuration of ATS / dnsmasq based on webservices > working with the real origin-configs > > as well it would break php applications seeing > http://real-webspace.local/ as URL and so no longer > correctly fix href="http://domain/folder/file.ext"; > to href="/folder/file.ext" by save content with > WYSIWG editors > > the current solution works perfectly for some > hundret domains without touch ATS manually > and care about the origin, it only breaks > if ATS is supposed to do SSL-offloading > and force the client to https > > IMHO that is a bug - the redirect statement > should not affect the right side of a map > in reverse proxy mode > > > Add DNS: real-webspace.local 192.168.196.3 > > > > redirect http://webspace.local https://webspace.local > > map https://webspace.local http://real-webspace.local > > > > 2014-05-06 18:37 GMT+08:00 Reindl Harald: > > > > Hi > > > > the settings below (which only make no sense without > > the underlying DNS views) are resulting in a redirect > > loop but why? > > > > redirect http://webspace.local https://webspace.local > > map https://webspace.local http://webspace.local > > > > * DNS-View external: webspace.local -> 192.168.196.2 > (192.168.196.2 = ATS) > > * DNS-View ATS machine: webspace.local -> 192.168.196.3 > (192.168.196.3 = Origin) > > > > the reason for that views is that this way automatic configuration > of > > ATS and dnsmasq based on webservices can be done and the decision > using > > the proxy or directly point to the origin is done with the public > DNS > > _____________________________________________________ > > > > these two mappings are working fine with http and https > > so i assume the problem is that the non-http-origin URL > > triggers also teh redirect above > > > > map http://webspace.local http://webspace.local > > map https://webspace.local http://webspace.local > > _____________________________________________________ > > > > these mappings also working because the origin itself > > is also accessed with https, but the idea of the config > > above is that ATS doing SSL termination, forcing the > > client to use https but the origin has no SSL > > > > redirect http://webspace.local https://webspace.local > > map https://webspace.local https://webspace.local > > -- Reindl Harald the lounge interactive design GmbH A-1060 Vienna, Hofmühlgasse 17 CTO / CISO / Software-Development m: +43 (676) 40 221 40, p: +43 (1) 595 3999 33 icq: 154546673, http://www.thelounge.net/ http://www.thelounge.net/signature.asc.what.htm
signature.asc
Description: OpenPGP digital signature
